OneID An architectural overview
Jim Fenton
November 1, 2012

Introduction

OneID is an identity management technology that takes a fresh look at the way that users authenticate and manage their identities on the Internet. Since it is a radical departure from most previous technologies in this area, this document gives a brief overview of how various OneID operations function and the rationale for many of the design decisions. This document assumes that the reader has a technical background and is familiar with OneID from a functional standpoint.

This document begins with some aspects of the OneID infrastructure, namely key management and password/personal identification number (PIN) verification, and then continues with descriptions of the primary OneID functional processes.

OneID commonly uses some terms that may not be familiar to the reader:

Relying party (RP), website, or site: The service being accessed by the user
Access device (AD) or device: An agent, typically a browser, on which the user initiates a transaction
Control device (CD) or OneID Remote app: An agent on which the user confirms a transaction
Repository (repo): A cloud service operated by OneID or partners that holds encrypted user information, enforces user policy, and cosigns transactions
Out-of-band confirmation of a sign in or transaction through an independent device such as the OneID Remote app.

For consistency with internal naming conventions, this document uses somewhat different terminology than OneID user-facing documentation.

Key Management

OneID has a more complex key management structure than most systems of this sort to meet its goal of supporting arm's-length relationships among the three classes of agents representing the user: their [access] device, their OneID Remote app, and the repository they use. To keep the number of keys manageable, OneID makes extensive use of key derivation functions to create the keys from a smaller number of master keys.
In order to provide consistent user signatures independent of which devices the user may be using, each class of agents has a master key that is generated when the user's account is created, or in the case of the OneID Remote app, when the first Remote app is added to their account. These master keys are securely transferred to new devices when the user adds them to their account.

2012 OneID Inc.

In order to allow users to individually authorize their devices and mobile apps, there is also an individual device identifier that is checked by the repository. The repository will block transactions from proceeding if the user device is found to be not authorized or has been temporarily locked by the user. The repository can also enforce device-specific security requirements, such as approval of a OneID Remote, if desired by the user.

One of the elements of OneID's privacy framework is the use of directed identity to identify the user at sites where they use their OneID. This prevents sites from correlating the user's activities based on their OneID. Although in many cases users will release other information that may identify them, this capability is important to preserve pseudonymity in cases where this is required. To achieve this, OneID securely derives new keys from the respective master keys and the domain of the site the user is accessing. These keys are consistent when the same user visits the same site, but cannot be used to correlate with activity at other sites.

Password and PIN management

OneID uses two authentication factors. The first is the user's possession of a device with stored keying information. The second is a memorized password (used on access devices) and PIN (used on OneID Remote apps). Password and PIN management takes advantage of keying information stored in the user's endpoints, enabling secure verification of passwords and PINs in a way that isn't subject to dictionary attack. Passwords and PINs never leave the device on which the user enters them.

Passwords and PINs are verified by deriving a private key from the password or PIN entered by the user combined with a secret salt derived from the device's master key. The user's device signs a challenge nonce from the repository using this key, and the repository verifies this signature using the corresponding public key that it has stored. Since the repo never has knowledge of the 128-bit salt value, dictionary attacks are not feasible. The repository signature attests to, among other things, the successful verification of the PIN and/or password as required. The repository also enforces limits on the rate of incorrect password or PIN verifications it will perform, to protect against an attacker with access to one of those devices.

Attribute Management

User attributes, currently self-asserted information from the user such as their name, address, and credit card information, are encrypted at the user's device and are stored in encrypted form in the repository. As additional protection on the nature of the information stored in the repo, the AD also deterministically encrypts (using a fixed initialization vector) the names of attributes and the names of sites with which the user has authorized the attributes to be shared. When an attribute is to be retrieved, the AD encrypts the attribute and relying party name deterministically, and sends those to the repo for retrieval. The repo also determines when it is necessary for the AD to prompt the user for permission to share an attribute that has not been shared with that site previously.

Authentication

User authentication starts with a challenge nonce generated by the relying party. The user's device (browser), the repository, and optionally one of the user's OneID Remote apps then generate signatures upon their own copies of the nonce. The signed nonces are returned to the RP via an SSL callback, along with attribute data requested by the RP and some information confirming the RP identity and the type of authentication performed. Let's look at this process in more detail.

1. The user device accesses a OneID-enabled website which returns a digital challenge (known as a "nonce") and requests that the user authenticate by providing signatures from their device and their OneID repository. The site can also request a third signature from the user's OneID Remote, can specify entry of a PIN or password as additional security, and can request that the user share some information (attributes) stored in their repository as part of the authentication process. It also supplies a callback URL to be used to return the authentication signatures.

2. The user device passes the challenge, proof of the identity of the specific device, and information about the request (encrypted for privacy reasons) to their OneID credential and data storage repository. If the website has requested user attributes, it encrypts the attribute request and sends it to the repository as well.

3. If either the request or the user's preferences require participation of a OneID Remote, the repository sends the challenge and the encrypted description of the transaction being approved to the user's OneID Remote app.

4. If required, the OneID Remote app decrypts the request using keying information it has stored and displays it to the user. Depending on the security requirements of the user and the website, it may prompt the user to enter a PIN. If the user consents, the OneID Remote app will sign the challenge using a private key known only to Remote apps. It sends the signed challenge, a signature representing the identity of the individual OneID Remote app, and a cryptographic verifier for the PIN (not the PIN itself) back to the repository.

5. If all of the security requirements specified by the user and the website are satisfied, the PIN, if required, was entered correctly, and all of the user devices have proven to the repository that they are authorized devices, the repository will sign the challenge and return the signed challenges to the user's device. If attributes were requested, the repository retrieves those encrypted values and whether they have previously been released to this website, and includes those in the response. If attributes are being provided to this website that have not been previously released, the user's device obtains user consent. If authorized, the user device decrypts the attributes.

6. The user's device signs the challenge using a private key derived from the device's master key and the site name and returns all the signed challenges and decrypted attributes to the website via the callback URL provided in step 1. The website verifies all signatures are correct, grants access to the user, and makes use of whatever attributes may have been provided.
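The sign-in flow of steps 1 to 6, together with the directed-identity and password-verification schemes described earlier, as an added Go example that is not OneID's code. HMAC-SHA256 as the key derivation function, Ed25519 signatures, the opaque site tag handed to the repository, the three-attempt limit and all names are assumptions of this sketch; the OneID Remote leg (steps 3 and 4) and device authorization are left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// derive is an assumed stand-in KDF: HMAC-SHA256(key, label || 0x00 || context).
func derive(key []byte, label, context string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(label + "\x00" + context))
	return m.Sum(nil)
}

func pub(k ed25519.PrivateKey) ed25519.PublicKey { return k.Public().(ed25519.PublicKey) }

// siteKey is the directed-identity key: one master key, one unrelated key per site.
func siteKey(master []byte, site string) ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(derive(master, "site", site))
}

// siteTag lets the repository pick its per-site key without seeing the domain (assumption).
func siteTag(dm []byte, domain string) string {
	return string(derive(dm, "site-tag", domain))
}

// passwordKey mixes the password with a 128-bit salt only the device can derive.
func passwordKey(dm []byte, password string) ed25519.PrivateKey {
	salt := derive(dm, "pw-salt", "")[:16]
	return ed25519.NewKeyFromSeed(derive(salt, "pw-key", password))
}

func newNonce() []byte {
	b := make([]byte, 16)
	rand.Read(b)
	return b
}

const maxFailures = 3 // assumed value; the page only says a limit is enforced
var devMaster = []byte("constructed device master key") // sample value

// Repo stores the password public key, never the password or the salt.
type Repo struct {
	master, challenge []byte
	pwVerifier        ed25519.PublicKey
	failures          int
}

func (r *Repo) NewChallenge() []byte {
	r.challenge = newNonce()
	return r.challenge
}

// Cosign signs the RP nonce only after the password proof over its own single-use challenge verifies.
func (r *Repo) Cosign(tag string, rpNonce, pwSig []byte) ([]byte, error) {
	ok := r.failures < maxFailures && r.challenge != nil && ed25519.Verify(r.pwVerifier, r.challenge, pwSig)
	r.challenge = nil
	if !ok {
		r.failures++
		return nil, fmt.Errorf("password proof rejected or attempt limit reached")
	}
	r.failures = 0
	return ed25519.Sign(siteKey(r.master, tag), rpNonce), nil
}

// signIn is the device side of steps 2, 5 and 6.
func signIn(dm []byte, r *Repo, domain, password string, rpNonce []byte) (dev, repo []byte, err error) {
	pwSig := ed25519.Sign(passwordKey(dm, password), r.NewChallenge())
	if repo, err = r.Cosign(siteTag(dm, domain), rpNonce, pwSig); err != nil {
		return nil, nil, err
	}
	return ed25519.Sign(siteKey(dm, domain), rpNonce), repo, nil
}

// RP holds the two public keys registered for this user at this site.
type RP struct{ devPub, repoPub ed25519.PublicKey }

// Verify accepts a sign-in only if both signatures cover the nonce the RP issued.
func (p RP) Verify(nonce, dev, repo []byte) bool {
	return ed25519.Verify(p.devPub, nonce, dev) && ed25519.Verify(p.repoPub, nonce, repo)
}

// enroll registers the password verifier and the per-site public keys.
func enroll(domain, password string) (*Repo, RP) {
	r := &Repo{master: []byte("constructed repo master key")}
	r.pwVerifier = pub(passwordKey(devMaster, password))
	return r, RP{pub(siteKey(devMaster, domain)), pub(siteKey(r.master, siteTag(devMaster, domain)))}
}

func main() {
	r, rp := enroll("shop.example", "correct horse")
	n := newNonce()
	dev, repo, err := signIn(devMaster, r, "shop.example", "correct horse", n)
	fmt.Println("sign-in accepted:", err == nil && rp.Verify(n, dev, repo))
	fmt.Println("old signatures on a new nonce:", rp.Verify(newNonce(), dev, repo))
	_, _, err = signIn(devMaster, r, "shop.example", "guess", newNonce())
	fmt.Println("wrong password:", err)
}
```

The relying party holds only per-site public keys, so what it stores for this user cannot be matched against what another site stores, and the repository holds only a public key for the password, so it has nothing to run a dictionary against.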
The website never communicates directly with the user's repository, placing the user directly in control and limiting the information available to both the website and the repository.

Adding devices

In order to make it possible for a user to use their OneID on more than one device, OneID has a process known as device addition to securely transfer keying information from one device to another and capabilities to manage devices through the OneID Control Panel. In order to keep this process as easy to use as possible while maintaining security, this is facilitated through the use of QR codes (two-dimensional barcodes) that are scanned by the user's OneID Remote app using that device's camera.

The device to be added to the user's account initiates this process by generating and displaying a QR code that is used to establish the connection between the devices and to communicate a short-term secret that can be used to securely transfer the keying information. The user must also provide the password or PIN as appropriate for the device being added. The user's OneID Remote app scans the code and, if the repository correctly verifies the PIN or password, facilitates the transfer of encrypted keying information to the new device (the repository never has access to the user devices' keying information).

[Figure: QR code displayed on a device being added]

A special case of this process is the addition of the very first OneID Remote to a user's account. In this case, the flow is reversed: the new OneID Remote scans a QR code displayed on the user's browser to associate it with the account. The new OneID Remote generates its own master key and PIN verifier, and calculates the necessary public keys and sends them to the repository for future use. Once the first OneID Remote is added to the user's OneID account, all future addition of devices and additional OneID Remotes is approved by one of the OneID Remote apps already associated with the user's account.

Account Recovery

OneID gives the user the ability to create an account recovery URL that can be rendered as a QR code for recovery of their account. The URL contains a key that is used to encrypt a copy of the user's device secrets for storage in the repository. The user can store this URL/QR code in any manner they wish: they can print out the QR code and store it in a safe place, they can send the URL in an email to themselves (which, of course, limits the security of the OneID account to that of their email account), or they can store it electronically in a manner of their choosing (cloud storage service, USB memory stick, etc.).

[Figure: Sample OneID Recovery QR code]

The recovery code URL references a service that renders the QR code locally in the user's browser. After scanning the code and prompting the user for their PIN code, the Remote app receives the necessary keying information and is added to the user's account. The user can then manage the other devices on their OneID account, including adding new devices and removing any devices that may have been lost or stolen.
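The lookup scheme from the Attribute Management section, as an added Go example that is not OneID's code: the access device encrypts attribute and site names deterministically so the repository can index and track consent on ciphertext alone. AES-CBC with an all-zero IV for names, AES-GCM for values, the separate name and value keys and all type and function names are assumptions; the page states only that a fixed initialization vector is used.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// detEncrypt encrypts a name with AES-CBC, PKCS#7 padding and a fixed all-zero IV
// (mode and IV value are assumptions), so equal names always give equal ciphertext.
func detEncrypt(key []byte, name string) string {
	block, _ := aes.NewCipher(key) // keys in this example are always 32 bytes
	pad := aes.BlockSize - len(name)%aes.BlockSize
	buf := append([]byte(name), bytes.Repeat([]byte{byte(pad)}, pad)...)
	cipher.NewCBCEncrypter(block, make([]byte, aes.BlockSize)).CryptBlocks(buf, buf)
	return hex.EncodeToString(buf)
}

// sealValue encrypts an attribute value with AES-GCM under a fresh random nonce.
func sealValue(key []byte, value string) []byte {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	return gcm.Seal(nonce, nonce, []byte(value), nil)
}

func openValue(key, sealed []byte) (string, error) {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	n := gcm.NonceSize()
	if len(sealed) < n {
		return "", fmt.Errorf("sealed value too short")
	}
	pt, err := gcm.Open(nil, sealed[:n], sealed[n:], nil)
	return string(pt), err
}

// record is all the repository holds: ciphertext and encrypted site names.
type record struct {
	sealed   []byte
	released map[string]bool
}

type Repo struct{ attrs map[string]*record }

func (r *Repo) Store(encName string, sealed []byte) { r.attrs[encName] = &record{sealed, map[string]bool{}} }

func (r *Repo) MarkReleased(encName, encSite string) { r.attrs[encName].released[encSite] = true }

// Fetch finds an attribute by encrypted name and reports whether the device must
// prompt the user, i.e. the attribute was never released to this encrypted site name.
func (r *Repo) Fetch(encName, encSite string) (sealed []byte, prompt bool, err error) {
	rec, ok := r.attrs[encName]
	if !ok {
		return nil, false, fmt.Errorf("no such attribute")
	}
	return rec.sealed, !rec.released[encSite], nil
}

// AD is the access device; it alone holds the name key and the value key.
type AD struct {
	nameKey, valueKey []byte
	repo              *Repo
}

func (d *AD) Put(name, value string) { d.repo.Store(detEncrypt(d.nameKey, name), sealValue(d.valueKey, value)) }

// Share returns an attribute for a site. consent stands in for the user's answer
// and is consulted only when the repository says a prompt is needed.
func (d *AD) Share(name, site string, consent bool) (value string, prompted bool, err error) {
	en, es := detEncrypt(d.nameKey, name), detEncrypt(d.nameKey, site)
	sealed, prompted, err := d.repo.Fetch(en, es)
	if err != nil {
		return "", false, err
	}
	if prompted && !consent {
		return "", true, fmt.Errorf("user declined to share %s with %s", name, site)
	}
	d.repo.MarkReleased(en, es)
	value, err = openValue(d.valueKey, sealed)
	return value, prompted, err
}

// newAD builds a device with constructed sample keys and an empty repository.
func newAD() *AD {
	return &AD{bytes.Repeat([]byte{1}, 32), bytes.Repeat([]byte{2}, 32), &Repo{map[string]*record{}}}
}

func main() {
	ad := newAD()
	ad.Put("email", "user@example.com")
	_, first, _ := ad.Share("email", "shop.example", true)
	_, second, _ := ad.Share("email", "shop.example", true)
	fmt.Println("prompt on first release:", first, "on second:", second)
	fmt.Println("name as the repository sees it:", detEncrypt(ad.nameKey, "email"))
}
```

Under the CBC mode assumed here, two names that share their first 16 bytes also share their first ciphertext block, so the repository learns equality and common prefixes of names even though it never sees the names themselves.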
More informationIntroduction Secure Message Center (Webmail, Mobile & Visually Impaired) Webmail... 2 Mobile & Tablet... 4 Visually Impaired...
WEB MESSAGE CENTER END USER GUIDE The Secure Web Message Center allows users to access and send and receive secure messages via any browser on a computer, tablet or other mobile devices. Introduction...
More informationSalesforce1 Mobile Security White Paper. Revised: April 2014
Salesforce1 Mobile Security White Paper Revised: April 2014 Table of Contents Introduction Salesforce1 Architecture Overview Authorization and Permissions Communication Security Authentication OAuth Pairing
More informationMan in the Middle Attacks and Secured Communications
FEBRUARY 2018 Abstract This document will discuss the interplay between Man in The Middle (MiTM/ MITM) attacks and the security technologies that are deployed to prevent them. The discussion will follow
More informationMcAfee Client Proxy Product Guide
McAfee Client Proxy 2.3.5 Product Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee EMM, Foundstone,
More informationBEST PRACTICES FOR PERSONAL Security
BEST PRACTICES FOR PERSONAL Email Security Sometimes it feels that the world of email and internet communication is fraught with dangers: malware, viruses, cyber attacks and so on. There are some simple
More informationGLOBAL PAYMENTS AND CASH MANAGEMENT. Security
GLOBAL PAYMENTS AND CASH MANAGEMENT Security The Bank aims to provide you with a robust, reliable and secure online environment in which to do business. We seek to achieve this through the adoption of
More informationTECHNICAL GUIDE SSO SAML Azure AD
1 TECHNICAL GUIDE SSO SAML Azure AD At 360Learning, we don t make promises about technical solutions, we make commitments. This technical guide is part of our Technical Documentation. Version 1.0 2 360Learning
More informationComputers and Security
The contents of this Supporting Material document have been prepared from the Eight units of study texts for the course M150: Date, Computing and Information, produced by The Open University, UK. Copyright
More informationOPC UA Configuration Manager Help 2010 Kepware Technologies
OPC UA Configuration Manager Help 2010 Kepware Technologies 1 OPC UA Configuration Manager Help Table of Contents 1 Getting Started... 2 Help Contents... 2 Overview... 2 Server Settings... 2 2 OPC UA Configuration...
More informationBarron McCann Technology X-Kryptor
Barron McCann Technology X-Kryptor RSA SecurID Ready Implementation Guide Partner Information Last Modified: December 10, 2008 Product Information Partner Name Web Site Product Name Version & Platform
More informationMFA Pilot Instructions
MFA Pilot Instructions Getting Started You will need the following: Your smartphone, a computer, and Internet access. Before using MFA your computer will need to be running Office 2016. If you are still
More informationDissecting NIST Digital Identity Guidelines
Dissecting NIST 800-63 Digital Identity Guidelines KEY CONSIDERATIONS FOR SELECTING THE RIGHT MULTIFACTOR AUTHENTICATION Embracing Compliance More and more business is being conducted digitally whether
More informationLastPass Enterprise Recommended Policies Guide
LastPass Enterprise Recommended Policies Guide This document will help guide you through common scenarios and selecting policies to enable on your LastPass Enterprise account. We will not cover all policies
More informationGoogle 2 factor authentication User Guide
Google 2 factor authentication User Guide Description: Updated Date: This guide describes how to setup Two factor authentication for your Google account. March, 2018 Summary ITSC is pleased to launch Two
More informationUSER MANUAL ID PROOFING AND TWO-FACTOR AUTHENTICATION THROUGH FALCON PHYSICIAN TABLE OF CONTENTS
FALCON PHYSICIAN in partnership with SYMANTEC and SURESCRIPTS USER MANUAL ID PROOFING AND TWO-FACTOR AUTHENTICATION THROUGH FALCON PHYSICIAN TABLE OF CONTENTS Quick Overview PG. ii What You ll Need PG.
More informationImplementing Secure Socket Layer
This module describes how to implement SSL. The Secure Socket Layer (SSL) protocol and Transport Layer Security (TLS) are application-level protocols that provide for secure communication between a client
More informationComodo Certificate Manager Version 5.4
Comodo Certificate Manager Version 5.4 Introduction to Auto-Installer Comodo CA Limited, 3rd Floor, 26 Office Village, Exchange Quay, Trafford Road, Salford, Greater Manchester M5 3EQ, United Kingdom.
More informationowncloud Android App Manual
owncloud Android App Manual Release 2.7.0 The owncloud developers October 30, 2018 CONTENTS 1 Release Notes 1 1.1 Changes in 2.7.0............................................. 1 1.2 Changes in 2.6.0.............................................
More informationLecture 15 PKI & Authenticated Key Exchange. COSC-260 Codes and Ciphers Adam O Neill Adapted from
Lecture 15 PKI & Authenticated Key Exchange COSC-260 Codes and Ciphers Adam O Neill Adapted from http://cseweb.ucsd.edu/~mihir/cse107/ Today We will see how signatures are used to create public-key infrastructures
More informationEnhancing cloud applications by using external authentication services. 2015, 2016 IBM Corporation
Enhancing cloud applications by using external authentication services After you complete this section, you should understand: Terminology such as authentication, identity, and ID token The benefits of
More information1 Identification protocols
ISA 562: Information Security, Theory and Practice Lecture 4 1 Identification protocols Now that we know how to authenticate messages using MACs, a natural question is, how can we use MACs to prove that
More information